On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:

At random:
> +static int smack_netlabel(struct sock *sk) > +{ > + static int initialized; > + struct socket_smack *ssp = sk->sk_security; > + struct netlbl_lsm_secattr secattr; > + int rc = 0; > + > + if (!initialized) { > + smk_cipso_doi(); > + initialized = 1; > + }

And just what happens if another task calls the same while we are blocked on allocation in smk_cipso_doi()?

Another problem is your handling of smk_known - you add to head under mutex; fine. However, you read without one _and_ have no barriers in initializing new list entries. Think what happens if CPU1 adds to list and CPU2 sees write to smk_known *before* it sees write to ->smk_next. We see a single-element list and we'll be lucky if that single entry won't be FUBAR.
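Review bot: the `if (!initialized)` check at the top of smack_netlabel() reads and sets a plain static int with no lock or atomic operation visible in the hunk, so two callers can both see 0 and both run smk_cipso_doi(); `initialized = 1` is also set without any visible check that smk_cipso_doi() succeeded. Suggest moving the one-time setup to the module's initialization path, or taking a mutex around the check and the call and setting the flag only on success.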
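The list-ordering problem raised in the reply above, as an added example that is not part of the original message or of the Smack patch: a userspace C11 analogue in which the writer fully initialises an entry and only then publishes it with a release store, and the lockless reader uses the matching acquire load. All names (`known_entry`, `known_head`, `known_add`, `known_find`) are hypothetical, and the spin flag stands in for the mutex the reply mentions.

```c
/* Added example: locked writer, lockless reader, ordered publication.
 * Names are hypothetical; this is not the Smack code. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct known_entry {
    struct known_entry *next;   /* set before publication, never changed after */
    char label[24];
    int secid;
};

static _Atomic(struct known_entry *) known_head;    /* read without a lock */
static atomic_flag writer_lock = ATOMIC_FLAG_INIT;  /* stands in for the mutex */

/* Writer: initialise every field first, then make the entry reachable. */
int known_add(const char *label, int secid)
{
    struct known_entry *e = calloc(1, sizeof(*e));
    if (e == NULL)
        return -1;
    strncpy(e->label, label, sizeof(e->label) - 1);  /* calloc keeps it NUL-terminated */
    e->secid = secid;

    while (atomic_flag_test_and_set_explicit(&writer_lock, memory_order_acquire))
        ;   /* spin: writers are serialised */
    e->next = atomic_load_explicit(&known_head, memory_order_relaxed);
    /* Release: the stores to *e above are visible before the new head is. */
    atomic_store_explicit(&known_head, e, memory_order_release);
    atomic_flag_clear_explicit(&writer_lock, memory_order_release);
    return 0;
}

/* Reader: the acquire load pairs with the release store in known_add(),
 * so a reader that sees the new head also sees its next, label and secid. */
int known_find(const char *label)
{
    struct known_entry *e = atomic_load_explicit(&known_head, memory_order_acquire);
    for (; e != NULL; e = e->next)
        if (strcmp(e->label, label) == 0)
            return e->secid;
    return -1;
}
```

With a plain store to the head and a plain load in the reader, the compiler or CPU may make the head visible before `next`, which is the truncated-list case the reply describes.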